44c467e9271a6c66e41ec8861fbade44f3d6c553859e0b5da8decde453ca297b

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04-01-2024 19:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b3513c6772e4e94ea42dacbddf99235439165bb51f6ca4f3560a7482215cfa67.exe
Size

101.7MB
MD5

1916a0852f4643bd6634b6153868e8f8
SHA1

276de9ea30ea7cbc414c1be9fac3c3d8c61c5b29
SHA256

b3513c6772e4e94ea42dacbddf99235439165bb51f6ca4f3560a7482215cfa67
SHA512

9212bd1dbe930f6334160b7ec0fe5eff9f3ef62a6eb5d488fdc4b05640c9556d435327a622201453b48eb43966ad67ce29bc927a2d94e1d857942f1086ea4ca4
SSDEEP

49152:Cqe3f61222222222222222222222222222222222222222222222222222222228:bSiCQxHjUd3JDcgF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2532	b3513c6772e4e94ea42dacbddf99235439165bb51f6ca4f3560a7482215cfa67.tmp

Loads dropped DLL 1 IoCs

pid	Process
2008	b3513c6772e4e94ea42dacbddf99235439165bb51f6ca4f3560a7482215cfa67.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2008 wrote to memory of 2532	2008	b3513c6772e4e94ea42dacbddf99235439165bb51f6ca4f3560a7482215cfa67.exe	28
PID 2008 wrote to memory of 2532	2008	b3513c6772e4e94ea42dacbddf99235439165bb51f6ca4f3560a7482215cfa67.exe	28
PID 2008 wrote to memory of 2532	2008	b3513c6772e4e94ea42dacbddf99235439165bb51f6ca4f3560a7482215cfa67.exe	28
PID 2008 wrote to memory of 2532	2008	b3513c6772e4e94ea42dacbddf99235439165bb51f6ca4f3560a7482215cfa67.exe	28
PID 2008 wrote to memory of 2532	2008	b3513c6772e4e94ea42dacbddf99235439165bb51f6ca4f3560a7482215cfa67.exe	28
PID 2008 wrote to memory of 2532	2008	b3513c6772e4e94ea42dacbddf99235439165bb51f6ca4f3560a7482215cfa67.exe	28
PID 2008 wrote to memory of 2532	2008	b3513c6772e4e94ea42dacbddf99235439165bb51f6ca4f3560a7482215cfa67.exe	28

C:\Users\Admin\AppData\Local\Temp\b3513c6772e4e94ea42dacbddf99235439165bb51f6ca4f3560a7482215cfa67.exe
"C:\Users\Admin\AppData\Local\Temp\b3513c6772e4e94ea42dacbddf99235439165bb51f6ca4f3560a7482215cfa67.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2008
- C:\Users\Admin\AppData\Local\Temp\is-0J0UT.tmp\b3513c6772e4e94ea42dacbddf99235439165bb51f6ca4f3560a7482215cfa67.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-0J0UT.tmp\b3513c6772e4e94ea42dacbddf99235439165bb51f6ca4f3560a7482215cfa67.tmp" /SL5="$4010A,105719672,825344,C:\Users\Admin\AppData\Local\Temp\b3513c6772e4e94ea42dacbddf99235439165bb51f6ca4f3560a7482215cfa67.exe"
  2⤵
  - Executes dropped EXE
  PID:2532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-0J0UT.tmp\b3513c6772e4e94ea42dacbddf99235439165bb51f6ca4f3560a7482215cfa67.tmp

Filesize
559KB

MD5
e2f03e850dc86ec87cf82ff0cad8b5e7

SHA1
f52ce9a1277149f6d632d23d5fc5f70884761a13

SHA256
b4e7033b7a3b9727c8cbf42ec75d7c2e7cb64e05596f7b8035d947edf25f345d

SHA512
2d7ac21aff58935657c31e7e87a08377056189c9e0cbb99fa24e6cfd227d736834360a27645b7a13d9c388a477777cf774727c9c24ef82c0e677975f519827b8

Download Submit
\Users\Admin\AppData\Local\Temp\is-0J0UT.tmp\b3513c6772e4e94ea42dacbddf99235439165bb51f6ca4f3560a7482215cfa67.tmp

Filesize
479KB

MD5
282f0e59c66b2b13ddaa1fde43f5a7b3

SHA1
b372e97dd390d9cffd348f66da90832d61b9cf38

SHA256
22a4536239234c4b9478bd05172f673314eb5a7d5a5c9efee33462e36858c18d

SHA512
3e68d529f68c3fd2ea96c2a7b799d588ee91a821c3ab79491f35044ecb34efa870ec74a9e1dfe986ef779a3937f63b97a985b1195028a0c8cfa4ddd449414422

Download Submit
memory/2008-0-0x0000000000400000-0x00000000004D7000-memory.dmp

Filesize
860KB

Download
memory/2008-17-0x0000000000400000-0x00000000004D7000-memory.dmp

Filesize
860KB

Download
memory/2532-7-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2532-15-0x0000000000400000-0x0000000000711000-memory.dmp

Filesize
3.1MB

Download